Successful implementation of information security governance will FIRST require:

A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.

Answer: B

Explanation: Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into...

June 12, 2020

Which of the following MOST commonly falls within the scope of an information security governance steering committee?

A. Interviewing candidates for information security specialist positions
B. Developing content for security awareness programs
C. Prioritizing information security initiatives
D. Approving access to critical financial systems

Answer: C

Explanation: Prioritizing information security...

June 12, 2020

Which of the following are seldom changed in response to technological changes?

A. Standards
B. Procedures
C. Policies
D. Guidelines

Answer: C

Explanation: Policies are high-level statements of objectives. Because of their high-level nature and statement of broad operating principles, they are less subject to periodic change. Security standards and...

June 12, 2020

When personal information is transmitted across networks, there MUST be adequate controls over:

A. change management.
B. privacy protection.
C. consent to data transfer.
D. encryption devices.

Answer: B

Explanation: Privacy protection is necessary to ensure that the receiving party has the appropriate level of protection of personal data. Change...

June 12, 2020

The cost of implementing a security control should not exceed the:

A. annualized loss expectancy.
B. cost of an incident.
C. asset value.
D. implementation opportunity costs.

Answer: C

Explanation: The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses...

June 12, 2020

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

A. organizational risk.
B. organization wide metrics.
C. security needs.
D. the responsibilities of organizational units.

Answer: A

Explanation: Information security exists to help the organization meet its objectives. The information...

June 12, 2020

Which of the following represents the MAJOR focus of privacy regulations?

A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data

Answer: D

Explanation: Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability...

June 12, 2020

Which of the following is characteristic of centralized information security management?

A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests

Answer: B

Explanation: Centralization of information security management results in greater uniformity and better adherence to security...

June 12, 2020

An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:

A. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
B. establish baseline standards for all locations and add supplemental standards as required.
C. bring...

June 11, 2020

When a security standard conflicts with a business objective, the situation should be resolved by:

A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.

Answer: C

Explanation: Conflicts of this type should be based on a risk analysis of...

June 11, 2020